Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

4

1.
C H A PT E R 3
Managing Your Switches
You can use the IOS Release 12.0(5)XP software to manage a single switch, a stack of
switches that are managed individually, or a cluster of switches that is managed through a
single IP address. You can use any of the management interfaces to manage a switch or
cluster. This chapter describes the switching features provided by this software release and
how you can change them.
This chapter describes how to manage a single switch by using the following methods:
• Cisco Switch Network View, a graphical application that displays a map of the devices
that are connected to your switch.
• Cisco Visual Switch Manager (CVSM), a graphical application for monitoring the
switch, conﬁguring ports and other features, and upgrading the switch software.
Note How-to information for CVSM is in the online help available from all CVSM pages.
• Cisco IOS command-line interface (CLI)
Cisco IOS command-line interface (CLI) procedures are included for many tasks in this
chapter. However, this guide describes only the use of IOS commands that have been
created or changed for use with the 2900 and 3500 XL switches. These commands are
further described in the Cisco IOS Desktop Switching Command Reference (online
only). For information on other IOS Release 12.0 commands, refer to the IOS
documentation set available from the CCO home page by selecting Service and
Support>Technical Documents>Documentation Home Page>Cisco IOS Software
Conﬁguration>Cisco IOS Release 12.0.
For information on clustering, see Chapter 4, “Managing Clusters of Switches.”
Managing Your Switches 3-1

7.
Managing Configuration Conflicts
Table 3-1 Default Settings and Where to Find Them (continued)
Default Web Interface or Menu Option, and Equivalent IOS CLI
Feature Setting Section in this Guide Procedure
Addressing Disabled CVSM: Security>Address Management “CLI Procedure for Adding
security “Adding Secure Addresses” section on Secure Addresses” section on
page 3-71 page 3-72
Trap manager 0.0.0.0 CVSM: System>SNMP Conﬁguration “CLI Procedure for Adding a
“Adding Trap Managers” section on page 3-62 Trap Manager” section on
page 3-64
Community strings public CVSM: System>SNMP Conﬁguration Documentation set for Cisco
“Entering Community Strings” section on IOS Release 12.0 on CCO
page 3-62
Port security Disabled CVSM: Security>Port Security “CLI Procedure for Enabling
“Enabling Port Security” section on page 3-77 Port Security” section on
page 3-79
Managing Conﬁguration Conﬂicts
Certain combinations of port features conﬂict with one another. For example, if you deﬁne
a port as the network port for a VLAN, all unknown unicast and multicast trafﬁc is ﬂooded
to the port. You could not enable port security on the network port because a secure port
limits the trafﬁc allowed on it. In Table 3-2, no means that the two referenced features are
incompatible.
If you try to enable incompatible features by using CVSM, CVSM issues a warning
message and prevents you from making the change. Reload the web page to refresh CVSM.
Managing Your Switches 3-7

8.
Saving Changes to the Startup Configuration
Table 3-2 Incompatible Features
Connect
ATM Port SPAN Multi-VLAN Network to
Port1 Port Group Security Port Port Port Cluster?
ATM Port — No No No No No Yes
2
Port Group No — No No Yes Yes Yes
Port Security No No — No No No Yes
3
SPAN Port No No No — No No Yes
Multi-VLAN Port No Yes No No — Yes Yes
Network Port No Yes (source-based No No Yes — No4
only)
Connect to Yes Yes Yes Yes Yes No —
Cluster
1 Catalyst 2900 XL switches only.
2 Cannot be in a destination-based port group.
3 An ATM port cannot be a monitor port but can be monitored.
4 Cannot connect cluster members to the command switch.
Saving Changes to the Startup Conﬁguration
The conﬁguration ﬁle that loads when the switch is restarted is stored in Flash memory. The
conﬁguration in this ﬁle is not necessarily the same as the running conﬁguration. If you
want the running (current) conﬁguration to be used when the switch restarts, use CVSM or
the CLI to save the conﬁguration ﬁle. The CVSM procedure is described in the “Reloading
and Upgrading the Switch Software” section on page 3-40. The CLI procedure is described
in the “Working with Files in Flash Memory” section on page 2-37.
3-8 Cisco IOS Desktop Switching Software Configuration Guide

9.
Managing Switches through Switch Network View
Managing Switches through Switch Network View
Switch Network View extends web-based network management to the other devices in your
network. By exchanging Cisco Discovery Protocol (CDP) messages with attached
CDP-enabled devices, Switch Network View graphically displays the surrounding star
topology that consists of 2900 and 3500 XL switches and Cisco edge devices.
Supported switches must be running the IOS Release 12.0(5)XP or 11.2(8.x)SA6. Catalyst
2900 XL switches with 4 MB of DRAM must be running IOS Release 11.2(8.x)SA6. For
more information, see Table 1-1 on page 1-4. In addition, you need to enable SNMP and
set the community string to public on all stack members.
Switch Network View differs from Cluster Management in the following ways:
• You must assign an IP address to each stack member.
• You must connect your switches in a star topology with the primary switch at the center.
Switch Network View does not support daisy-chained switch topologies.
• Up to four directly connected supported switches can be stack members.
Understanding a Switch Network View Stack
The center node in a star topology acts as a primary switch in Switch Network View. Up to
four directly connected supported switches can be stack members. These switches can be
displayed in a consolidated physical view called the visual stack. You can access device and
link information about the stack from the Switch Network View page and the Visual Stack
page.
If more than four switches are connected, Switch Network View displays only the four
connected to the lowest port numbers of the primary switch. All other devices are
considered edge devices.
For a complete description of the Switch Network View interface, see “Using Switch
Network View” section on page 2-13.
Managing Your Switches 3-9

10.
Managing Switches through Switch Network View
Displaying the Switch Network View Page
The Switch Network View page (Figure 3-1) displays a map of the devices and links that
are directly connected to your switch. From this page, you can display switch connection
information, device reports, and link reports. This page also displays Cisco routers,
switches, hubs, and Cisco Micro Web Servers, but these devices must be directly attached
to one of the supported switches. Other devices using CDP display as generic edge devices.
Note Before starting Switch Network View, make sure you are using a supported browser.
For more information, see the “Hardware and Software Requirements” section on page 2-2.
Follow these steps to display the Switch Network View page:
Step 1 On the Switch Manager home page, click Switch Network View.
You will see the Switch Network View button only if the switch is not part of a
cluster.
Step 2 When prompted, enter the password for each switch in the stack.
You do not need to enter a username.
You can launch Switch Network View from any member switch but the topology that is
shown may not display all the switch members. Recall that Switch Network View displays
directly connected members one hop from the primary switch. Therefore, pointing your
browser at the primary switch in a star topology ensures the most complete view of the
network.
3-10 Cisco IOS Desktop Switching Software Configuration Guide

12.
Managing Switches through Switch Network View
Displaying Switch Connection Information
Figure 3-2 shows connection information for the switches being managed by Switch
Network View. Click on the Switch Manager button on the Switch Network View page to
display this table.
Figure 3-2 Visual Switch Manager Connection Information
Displaying the Visual Stack
The visual stack is an image of up to ﬁve 2900 or 3500 XL switches or both (Figure 3-3)
with the primary switch at the top. This stack contains the same switches as those on the
Switch Network View page (Figure 3-1), which displays the primary switch in the middle
and stack members connected to it. The stack images display real-time information about
the switches and their ports. You can use the stack to monitor port status, check port speed
and duplex settings, conﬁgure switch ports, and start the CVSM application.
3-12 Cisco IOS Desktop Switching Software Configuration Guide

14.
Managing Switches through Switch Network View
Checking Port Speed and Duplex Settings
To check the transmission speed settings for all switch ports, click MODE, and highlight
SPD (speed). Blue means 10 Mbps; green means 100 Mbps or higher.
To check the duplex setting, click MODE, and highlight FDUP (full-duplex). Blue means
half-duplex mode; green means full-duplex mode.
Conﬁguring Switch Ports
On the visual stack, double-click a port to launch the Port Conﬁguration window, which
shows the port settings and status. (You can also right-click a port to display the pop-up
menu. Select Port Conﬁguration to display the Port Conﬁguration pop-up window.) Select
Enable to enable or disable the port and STP Port Fast setting, and select a speed and
duplex setting from the drop-down lists. This window is the same as the one described in
the “Conﬁguring Ports on the Switch Home Page” section on page 3-18.
In addition, you can conﬁgure multiple ports as a group. To do so, press Ctrl and left-click
the ports, and then right-click the selected ports and select Port Conﬁguration from the
pop-up menu.
Accessing CVSM
The visual stack displays the IP address of each switch next to the switch image. Click the
IP address to open a separate browser window displaying the CVSM home page for that
switch. End the browser session when you want to return to the visual stack.
Note If you access CVSM to conﬁgure a stack member and then redisplay Switch
Network View, that stack member becomes the primary switch. The Switch Network View
displays devices in a different arrangement, and a stack member could become an edge
device.
3-14 Cisco IOS Desktop Switching Software Configuration Guide

15.
Managing Your Switch through CVSM
Managing Your Switch through CVSM
You access CVSM through one of the supported browsers described in the “Hardware and
Software Requirements” section on page 2-2. Ensure that you have the browser conﬁgured
correctly before starting CVSM.
Using the Switch Home Page
When you click Visual Switch Manager on the Cisco Systems Access page, the Cisco
Visual Switch Manager Home page (Figure 3-4) is displayed. All CVSM pages have a
Home button you can click to return to the home page.
Use this page to perform the following tasks:
• Change the enable secret password
• Enable the switch as a command switch
• Display Cluster Management or Switch Network View
• Monitor switch LEDs
• Conﬁgure ports
Changing the Password
If you change the enable secret password on this page, your connection with the switch
breaks, and the browser prompts you for the new password. For information on how to
change the password, click Help. If you have forgotten your password, see the “Recovering
from a Lost or Forgotten Password” section on page 5-4.
CLI Procedure for Changing the Password
This guide describes how to use the IOS commands that have been created or changed for
switches that support IOS Release 12.0(5)XP. For information on other IOS commands,
refer to the IOS documentation set available from the CCO home page by selecting Service
and Support>Technical Documents>Documentation Home Page>Cisco IOS Software
Conﬁguration>Cisco IOS Release 12.0.
Managing Your Switches 3-15

16.
Using the Switch Home Page
Figure 3-4 CVSM Home Page
Port System Security Device VLAN Fault
Shows the command
switch defined in Cluster
Builder.
Provides procedures and
detailed field
descriptions.
Assigns or changes the
Click to display the enable secret password.
switch cluster.
Enables the command switch.
Names the cluster.
Switch host name.
Click Mode to change
the meaning of the port
26224
LEDs to those described
in the Legend. The
options are STAT
(status), SPD (speed),
and FDUP (duplex).
Right-click or double-
Click here to display the click a port to configure
Cisco Connection speed and duplex
Online (CCO) home settings and disable the
page. port or STP Port Fast
feature.
3-16 Cisco IOS Desktop Switching Software Configuration Guide

17.
Enabling the Switch as a Command Switch
Enabling the Switch as a Command Switch
If the switch is command-capable, you can enable it and name the cluster that it controls.
After you enable the command switch, the Cluster Management button displays on the
home page. Table 1-1 on page 1-4 lists the switches that can be command switches and
those that can be command-enabled by a software upgrade.
CLI Procedure for Enabling the Command Switch and Naming the
Cluster
Beginning in privileged EXEC mode, follow these steps to enable the command switch and
name the cluster:
Task Command
Step 1 Enter global conﬁguration mode. conﬁgure terminal
Step 2 Enable and name the cluster. cluster enable name
The name can be up to 31 characters.
Step 3 Return to privileged EXEC mode. end
Step 4 Verify your entries. show cluster
For more information on these commands, see the Cisco IOS Desktop Switching Command
Reference (online only). The complete IOS Release 12.0 documentation is available
through CCO by selecting Service and Support>Technical Documents>Documentation
Home Page>Cisco IOS Software Conﬁguration>Cisco IOS Release 12.0.
Monitoring Port Settings
CVSM refreshes the switch image every 30 seconds to provide the most up-to-date
information. The LEDs on the switch image present the same information as the actual
LEDs, but they use colors instead of the on/off methods used on the switch front panel.
Click the Mode button to highlight STAT (status), SPD (speed), or FDUP (duplex), thus
changing the information conveyed by the port LEDs. The legend under the image
describes the meaning of the colors in each mode.
Managing Your Switches 3-17

18.
Using the Switch Home Page
You can also use the switch images in Cluster Manager to display VLAN membership
information and detailed information about the links between switches. For more
information, see Chapter 4, “Managing Clusters of Switches.”
Monitoring Other Switch LEDs
The other LEDs function as follows:
• The System LED displays the status of the switch.
• The RPS LED lights when a Cisco RPS is attached.
• The 1 or 2 LED lights when a module is installed in a modular switch.
Conﬁguring Ports on the Switch Home Page
You conﬁgure a port by using one of the following methods:
• Right-click a port and select Port Conﬁguration from the pop-up menu.
• Double-click a port to display the Port Conﬁguration pop-up window.
• Select multiple ports by holding the Ctrl key and clicking more than one port. Then
select Port Conﬁguration from the pop-up menu.
Figure 3-5 shows the Port Conﬁguration pop-up window, which has the same features as
the Port Conﬁguration window in Figure 3-6. The LEDs on the image of the switch reﬂect
any changes you make. If your switch is part of a cluster, you can also conﬁgure the ports
with the Cluster Management application. For more information, see Chapter 4,
“Managing Clusters of Switches.”
This software release supports 10/100, Gigabit Ethernet, ATM, and Catalyst GigaStack
Gigabit Interface Converters (GBICs). For defaults and guidelines for conﬁguring the
different types of ports, see the “Conﬁguring Port Parameters” section on page 3-23.
3-18 Cisco IOS Desktop Switching Software Configuration Guide

21.
Configuring Ports
Figure 3-6 Port Conﬁguration
Port System Security Device VLAN Fault
Shows the setting and the
actual port activity.
Autonegotiation allows the port
to match the duplex setting of
the attached device.
Displays statistics for the port.
Resets statistics for the port.
Shows when the port is
operating at 10 or 100 Mbps.
26989
Autonegotiation allows the port
to match the speed of the
device to which it is connected.
Sets flow control parameters
on Gigabit Ethernet ports
Shows when the port is able or
unable to transmit data.
Shows the module (0=fixed)
and port number.
Managing Your Switches 3-21

22.
Configuring Ports
Table 3-3 Port Conﬁguration Parameters
Field Description
Port Displays Fa (Fast Ethernet), Gi (Gigabit Ethernet), or AT (ATM); the module number: 0 (ﬁxed), 1
(right slot), or 2 (left slot); and the port number. In Figure 3-6, the port is a ﬁxed port (0) and port
number 1: Fa0/1.
Note The port numbers for the double-row connectors on the 3500 XL switches increment from
top to bottom and left to right.
Status: Administratively enables or disable the port. The ﬁeld also displays the current port status.
Admin/Actual
Duplex: Displays the current duplex setting. You can set a port to full-duplex (Full), half-duplex (Half), or
Requested/Actual autonegotiate (Auto). The default is Auto. For ATM ports, this ﬁeld is read-only and displays
Full.
Speed: Displays the current speed setting. You can set a port to 10 Mbps (10), 100 Mbps (100), or
Requested/Actual autonegotiate (Auto). The default is Auto.
For Gigabit Ethernet ports, the ﬁeld displays 1000 (1000 Mbps) and is read-only. For ATM ports,
the ﬁeld displays 155 (155 Mbps) and is read-only.
Port Name Names the port or describes how it is connected.
Statistics Displays transmit and receive statistics for the port. Click Reset to clear the statistics and close
the statistics window. Click View to display statistics.
Flow Control Enables or disables ﬂow control on Gigabit Ethernet ports. Flow control enables the connected
Gigabit Ethernet ports to control trafﬁc rates during congestion. If one port experiences
congestion and cannot receive any more trafﬁc, it notiﬁes the other port to stop transmitting until
the condition clears.
Select Symmetric when you want the local port to perform ﬂow control of the remote port only if
the remote port can also perform ﬂow control on the local port.
Select Asymmetric when you want the local port to perform ﬂow control on the remote port. For
example, if the local port is congested, it notiﬁes the remote port to stop transmitting. This is the
default setting.
Select Any when the local port can support any level of ﬂow control required by the remote port.
Select None to disable ﬂow control on the port.
This ﬁeld is displayed only when a Gigabit Ethernet port is present; it does not apply to Fast
Ethernet or ATM ports.
3-22 Cisco IOS Desktop Switching Software Configuration Guide

23.
Configuring Port Parameters
Conﬁguring Port Parameters
The Port Conﬁguration page displays the Requested and Actual settings for each port. A
port connected to a device that does not support the requested setting or that is not
connected to a device can cause the Requested and Actual settings to differ.
Caution If you reconﬁgure the port through which you are managing the switch, an STP
reconﬁguration could cause a temporary loss of connectivity.
Follow these guidelines when conﬁguring the duplex and speed settings:
• Gigabit Ethernet ports are always set to a speed of 1000 but can negotiate full- or
half-duplex with the attached device.
• ATM ports are always set to full and do not autonegotiate duplex or speed settings.
• Gigabit Ethernet ports that fail to match the settings of an attached device lose
connectivity and do not generate statistics.
• GigaStack-to-GigaStack stack connections operate in half-duplex mode, and
GigaStack-to-GigaStack point-to-point connections operate in full-duplex mode.
• If STP is enabled, the switch can take up to 30 seconds to check for loops when a port
is reconﬁgured. The port LED is amber while STP reconﬁgures.
• After you make a change, you can verify the change by clicking the port on the Home
page or by using the Mode button.
Connecting to Devices That Do Not Autonegotiate
To connect to a remote 100BaseT device that does not autonegotiate, do not conﬁgure
AUTO for the duplex setting on the local device. Autonegotiation of the port speed works
correctly even if the attached device does not autonegotiate.
To connect to a remote Gigabit Ethernet device that does not autonegotiate, disable
autonegotiation on the local device, and set the duplex and ﬂow control parameters to be
compatible with the other device. For more information, see the “Identifying an
Autonegotiation Mismatch” section on page 5-2.
Managing Your Switches 3-23

26.
Creating EtherChannel Port Groups
Creating EtherChannel Port Groups
Use the Port Group (EtherChannel) page (Figure 3-8) to create Fast EtherChannel and
Gigabit EtherChannel port groups. These port groups act as single logical ports for
high-bandwidth connections between switches or between switches and servers.
Note You can create port groups of either Gigabit Ethernet ports or 100BaseTX ports, but
you cannot create a port group that contains both port speeds at the same time.
To display this page, select Port>Port Grouping (EC) from the menu bar.
For the restrictions that apply to port groups, see the “Managing Conﬁguration Conﬂicts”
section on page 3-7.
Understanding EtherChannel Port Grouping
This software release supports two different types of port groups: source-based forwarding
port groups and destination-based forwarding port groups.
Source-based forwarding port groups distribute packets forwarded to the group based on
the source address of incoming packets. You can conﬁgure up to eight ports in a
source-based forwarding port group. Source-based forwarding is enabled by default.
Destination-based port groups distribute packets forwarded to the group based on the
destination address of incoming packets. You can conﬁgure an unlimited number of ports
in a destination-based port group.
You can create up to 12 port groups of all source-based, all destination-based, or a
combination of source- and destination-based ports. All ports in the group must be of the
same type; for example, they must be all source based or all destination based. You can
independently conﬁgure port groups that link switches, but you must consistently conﬁgure
both ends of a port group.
In Figure 3-7, a port group of two workstations communicates with a router. Because the
router is a single-MAC address device, source-based forwarding ensures that the switch
uses all available bandwidth to the router. The router is conﬁgured for destination-based
forwarding because the large number of stations ensures that the trafﬁc is evenly distributed
through the port-group ports on the router.
3-26 Cisco IOS Desktop Switching Software Configuration Guide

27.
Understanding EtherChannel Port Grouping
Figure 3-7 Source-Based Forwarding
Source-based Destination-based
forwarding forwarding
FEC port group
Catalyst 2900 XL Cisco router
12650
or Catalyst 3500 XL switch
The switch treats the port group as a single logical port; therefore, when you create a port
group, the switch uses the conﬁguration of the ﬁrst port for all ports added to the group. If
you add a port and change the forwarding method, it changes the forwarding for all ports
in the group. After the group is created, changing STP or VLAN membership parameters
for one port in the group automatically changes the parameters for all ports. Each port group
has one port that carries all unknown multicast, broadcast, and STP packets.
Figure 3-8 Port Group (EtherChannel)
Port System Security Device VLAN Fault
Select source when
connecting to a router
or other single-MAC
address device.
Maximum of 8 ports.
Select destination
when connecting to a
switch or multi-MAC
26990
address device. Any
number of ports.
Managing Your Switches 3-27

28.
Creating EtherChannel Port Groups
Port Group Restrictions on Static-Address Forwarding
The following restrictions apply to entering static addresses that are forwarded to port
groups:
• If the port group forwards based on the source MAC address (the default), conﬁgure the
static address to forward to all ports in the group. This method eliminates the chance of
lost packets.
• If the port group forwards based on the destination address, conﬁgure the static address
to forward to only one port in the port group. This method avoids the possible
transmission of duplicate packets.
Note Check boxes for ports on the Static Address Forwarding Map appear only if they are
in the same VLAN as the receiving port. For more information, see “Adding and Removing
Static Addresses” section on page 3-73.
CLI Procedure for Creating EtherChannel Port Groups
Beginning in privileged EXEC mode, follow these steps to create a two-port group:
Task Command
Step 1 Enter global conﬁguration mode. conﬁgure terminal
Step 2 Enter interface conﬁguration mode, and enter the port of interface interface
the ﬁrst port to be added to the group.
Step 3 Assign the port to group 1 with destination-based port group 1 distribution
forwarding. destination
Step 4 Enter the second port to be added to the group. interface interface
Step 5 Assign the port to group 1 with destination-based port group 1 distribution
forwarding. destination
Step 6 Return to privileged EXEC mode. end
Step 7 Verify your entries. show running-conﬁg
3-28 Cisco IOS Desktop Switching Software Configuration Guide

29.
Enabling Switch Port Analyzer
For more information on these commands, see the Cisco IOS Desktop Switching Command
Reference (online only). The complete IOS Release 12.0 documentation is available
through CCO by selecting Service and Support>Technical Documents>Documentation
Home Page>Cisco IOS Software Conﬁguration>Cisco IOS Release 12.0.
Enabling Switch Port Analyzer
Use the Switch Port Analyzer (SPAN) page (Figure 3-9) to enable port monitoring. You can
monitor trafﬁc on a given port by forwarding incoming and outgoing trafﬁc on the port to
another port in the same VLAN. A SPAN port cannot monitor ports in a different VLAN,
and a SPAN port must be a static-access port. Any number of ports can be deﬁned as SPAN
ports, and any combination of ports can be monitored.
To display this page, select Port>Switch Port Analyzer (SPAN) from the menu bar.
For the restrictions that apply to SPAN ports, see the “Managing Conﬁguration Conﬂicts”
section on page 3-7.
Managing Your Switches 3-29

32.
Configuring Flooding Controls
For more information on these commands, see the Cisco IOS Desktop Switching Command
Reference (online only). The complete IOS Release 12.0 documentation is available
through CCO by selecting Service and Support>Technical Documents>Documentation
Home Page>Cisco IOS Software Conﬁguration>Cisco IOS Release 12.0.
Conﬁguring Flooding Controls
Use the Flooding Controls page (Figure 3-10) to block the forwarding of unnecessary
ﬂooded trafﬁc. You can use three ﬂooding techniques:
• Forward all trafﬁc to a network port.
• Enable broadcast storm control.
• Block the forwarding of unicast and broadcast packets on a per-port basis.
To display this page, select Port>Flooding Controls from the menu bar.
3-32 Cisco IOS Desktop Switching Software Configuration Guide

33.
Configuring Flooding Controls
Figure 3-10 Flooding Controls
Port System Security Device VLAN Fault
Select a port to receive all
the flooded traffic in its
VLAN.
Enter the start (Rising)
and stop (Falling)
parameters for broadcast
storm control.
Deselect to disable
flooding to the port.
Number of broadcast
packets per second
arriving on the port.
26985
Click to send a trap when
broadcast storm control
starts and stops.
Click to activate broadcast
storm control on the port.
Managing Your Switches 3-33

34.
Configuring Flooding Controls
Enabling a Network Port
Network ports are assigned per VLAN and can reduce ﬂooded trafﬁc on your network. The
switch forwards all trafﬁc with unknown destination addresses to the network port instead
of ﬂooding the trafﬁc to all ports in the VLAN.
When you conﬁgure a port as the network port, the switch deletes all associated addresses
from the address table and disables learning on the port. If you conﬁgure other ports in the
VLAN as secure ports, the addresses on those ports are not aged. If you move a network
port to a VLAN without a network port, it becomes the network port for the new VLAN.
You cannot change the settings for unicast and multicast ﬂooding on a network port. You
can assign only one network port per VLAN.
Caution Do not attempt to connect cluster members through a network port. A network
port cannot link cluster members.
For restrictions that apply to a network port, see the “Managing Conﬁguration Conﬂicts”
section on page 3-7.
CLI Procedure for Enabling a Network Port
Beginning in privileged EXEC mode, follow these steps to deﬁne a port as the network port:
Task Command
Step 1 Enter global conﬁguration mode. conﬁgure terminal
Step 2 Enter interface conﬁguration mode, and enter the port to be interface interface
conﬁgured.
Step 3 Deﬁne the port as the network port. port network
Step 4 Return to privileged EXEC mode. end
Step 5 Verify your entry. show running-conﬁg
3-34 Cisco IOS Desktop Switching Software Configuration Guide

35.
Enabling Broadcast Storm Control
For more information on these commands, see the Cisco IOS Desktop Switching Command
Reference (online only). The complete IOS Release 12.0 documentation is available
through CCO by selecting Service and Support>Technical Documents>Documentation
Home Page>Cisco IOS Software Conﬁguration>Cisco IOS Release 12.0.
CLI Procedure for Disabling a Network Port
Beginning in privileged EXEC mode, follow these steps to disable the network port:
Task Command
Step 1 Enter global conﬁguration mode. conﬁgure terminal
Step 2 Enter interface conﬁguration mode, and enter the port to be interface interface
conﬁgured.
Step 3 Disable the port as the network port. no port network
Step 4 Return to privileged EXEC mode. end
Step 5 Verify your entry. show running-conﬁg
For more information on these commands, see the Cisco IOS Desktop Switching Command
Reference (online only). The complete IOS Release 12.0 documentation is available
through CCO by selecting Service and Support>Technical Documents>Documentation
Home Page>Cisco IOS Software Conﬁguration>Cisco IOS Release 12.0.
Enabling Broadcast Storm Control
A broadcast storm occurs when a large number of broadcast packets are received.
Forwarding these packets can cause the network to slow down or to time out. Broadcast
storm control is conﬁgured for the switch as a whole but operates on a per-port basis. By
default, broadcast storm control is disabled.
Broadcast storm control uses speciﬁc high and low numbers of broadcast packets to block
and then to restore forwarding of broadcast packets. The rising threshold is the number of
broadcast packets that a switch port can receive before forwarding is blocked. The falling
threshold reenables the normal forwarding of broadcast packets. In general, the higher the
Managing Your Switches 3-35

39.
Blocking Flooded Traffic on a Port
Task Command
Step 6 Verify your entries, entering the appropriate show port block {multicast | unicast}
command once for the multicast option and interface
once for the unicast option.
For more information on these commands, see the Cisco IOS Desktop Switching Command
Reference (online only). The complete IOS Release 12.0) documentation is available
through CCO by selecting Service and Support>Technical Documents>Documentation
Home Page>Cisco IOS Software Conﬁguration>Cisco IOS Release 12.0.
Managing Your Switches 3-39

40.
Reloading and Upgrading the Switch Software
Reloading and Upgrading the Switch Software
Use the System Conﬁguration page (Figure 3-11 and Figure 3-12) to specify the Flash
memory ﬁlenames that the switch uses when it starts or resets. You can also use this page
to upgrade your switch software. If your switch is part of a cluster, you can also upgrade its
software with the Cluster Management application. For more information, see Chapter 4,
“Managing Clusters of Switches.”
You can use this page to perform the following tasks:
• Change the baud rate for the console port.
• Save the Conﬁguration ﬁle and restart the switch.
• Change the reload options the switch uses when it restarts.
• Upgrade the software running the switch.
To display this page, select System>System Conﬁguration from the menu bar.
Saving the Conﬁguration File
The startup conﬁguration ﬁle (conﬁg.text) contains the IP address, passwords, and other
conﬁguration information you enter. The switch reloads this ﬁle when it restarts. However,
the startup conﬁguration ﬁle might not be the running (current) conﬁguration.
Conﬁguration changes made through CVSM or the CLI take effect immediately on the
switch but must be explicitly saved to be included in the startup conﬁguration.
Use this page to save the running conﬁguration to the startup conﬁguration ﬁle. The
following buttons control the switch startup:
Save Conﬁguration Click to write the running conﬁguration to Flash memory. This
conﬁguration is then loaded when the switch is restarted.
Reboot System Click to restart the switch and load the new startup
conﬁguration.
3-40 Cisco IOS Desktop Switching Software Configuration Guide

42.
Reloading and Upgrading the Switch Software
In the previous command display, the image ﬁle that runs the switch has a .bin extension,
the html directory contains the web management application ﬁles, and conﬁg.text contains
the current conﬁguration. If you need more information about accessing the switch by using
the CLI, refer to the “Conﬁguring the Switch for Telnet” section on page 2-36.
Click Help for procedures on how to conﬁgure the ﬁelds on this page.
Upgrading Switch Software
When you upgrade a switch, the switch continues to operate normally while the new
software is copied to Flash memory. If Flash memory does not have enough space for two
images, the new image is copied over the existing one. If Flash memory has enough space,
the new image is copied to the selected switch but does not replace the current running
image. Only after the new image is completely downloaded is the old one erased. If you
experience a failure during the copy process, you can still reboot your switch using the old
image. The new software is loaded the next time you reboot.
If you group switches into a cluster, you can upgrade the entire cluster from Cluster
Manager. For more information, see the “Upgrading Software for a Group of Switches”
section on page 4-27.
New releases of switch software are available on Cisco Connection Online (CCO). The
process of upgrading your switch consists of the following steps:
Step 1 Downloading the software from CCO.
Step 2 Downloading a TFTP server if necessary.
Step 3 Entering the name of the new image on the System Conﬁguration page and
clicking Upgrade Cisco IOS and Visual Switch Manager.
Note When performing upgrades through CVSM, you can upgrade from the
current release to the current release (for example, from standard to Enterprise
Edition Software) or from the current release to a future release.
Click Help for the complete procedures for this process.
3-42 Cisco IOS Desktop Switching Software Configuration Guide

43.
CLI Procedure for Upgrading the Switch Software
Figure 3-12 System Conﬁguration (Part 2)
Current software release
running on the switch.
IP address or name of device
where the new file is in the TFTP
root directory.
Name of new software image.
Files are renamed unless you
click here.
Click here to start the upgrade.
26225
CLI Procedure for Upgrading the Switch Software
This procedure is for switches with 8 MB of DRAM. Switches running earlier IOS releases
might have less memory and require slightly different procedures. To upgrade a 2900 XL
switch with 4 MB of DRAM, refer to the Release Notes for Catalyst 2900 Series XL and
Catalyst 3500 Series XL, for Cisco IOS Release 11.2(8.1)SA6 or 11.2(8.2)SA6. These
switches cannot be upgraded to IOS Release 12.0(5)XP. To determine the switch DRAM
size, enter the user level show version command.
The upgrade procedure consists of these general steps:
• Changing the name of the current image ﬁle to the name of the new ﬁle you are copying,
and replacing the old image ﬁle with the new one by using the tar command.
• Disabling access to the HTML pages and deleting the existing HTML ﬁles before you
upgrade the software to avoid a conﬂict with users accessing the CVSM pages during
the software upgrade.
• Reenabling access to the HTML pages after the upgrade is complete.
Managing Your Switches 3-43

44.
Reloading and Upgrading the Switch Software
Beginning in privileged EXEC mode, follow these steps to upgrade the switch software:
Task Command
Step 1 Verify that your switch has 8 MB of DRAM. show version
For example, check the line cisco
WS-C3508G-XL (PowerPC403)
processor (revision 0x01) with
8192K/1024K bytes of memory.
Step 2 Display the name of the current (default) show boot
image ﬁle.
Step 3 Rename the current image ﬁle to the name of rename ﬂash:current_image ﬂash:new_image.bin
the ﬁle that you downloaded, and replace the
tar extension with bin. This step does not
affect the operation of the switch.
Step 4 Display the contents of Flash memory to dir ﬂash:
verify the renaming of the ﬁle.
Step 5 Enter global conﬁguration mode. conﬁgure terminal
Step 6 Disable access to the switch HTML pages. no IP http server
Step 7 Return to privileged EXEC mode. end
Step 8 Remove the CVSM HTML ﬁles. delete ﬂash:html/*
Press Enter to conﬁrm the deletion of each
ﬁle. Do not press any other keys during this
process.
Step 9 For IOS release 11.2(8)SA5 and earlier delete ﬂash:html/Snmp/*
running on 2900 XL switches, remove the
ﬁles in the Snmp directory.
Make sure the S in Snmp is uppercase.
Press Enter to conﬁrm the deletion of each
ﬁle. Do not press any other keys during this
process.
3-44 Cisco IOS Desktop Switching Software Configuration Guide

45.
Setting the System Date and Time
Task Command
Step 10 Use the tar command to copy the ﬁles into tar /x tftp://server_ip_address//path/ﬁlename.tar
the switch Flash memory. ﬂash:
Depending on the TFTP server, you might
need to enter only one slash (/) after the
server_ip_address in the tar command.
Step 11 Enter global conﬁguration mode. conﬁgure terminal
Step 12 Reenable access to the switch HTTP pages. IP http server
Step 13 Return to privileged EXEC mode. end
Step 14 Reload the new software. reload
For more information on these commands, see the Cisco IOS Desktop Switching Command
Reference (online only). The complete IOS Release 12.0 documentation is available
through CCO by selecting Service and Support>Technical Documents>Documentation
Home Page>Cisco IOS Software Conﬁguration>Cisco IOS Release 12.0.
Setting the System Date and Time
Use the System Time Management page (Figure 3-13) to set the system time for a switch
or enable an external source such as Network Time Protocol (NTP) to supply time to the
switch.
You can use this page to set the switch time by using one of the following techniques:
• Manually set the system time (including daylight saving time) and date
• Conﬁgure the switch to run in NTP client mode and receive time information from an
NTP server
• Conﬁgure the switch to run in NTP broadcast-client mode and receive information from
an NTP broadcast server
To display this page, select System>System Time Management from the menu bar.
Managing Your Switches 3-45

46.
Setting the System Date and Time
Figure 3-13 System Time Management
Port System Security Device VLAN Fault
Set time manually if
there is no NTP
server.
Set time in relation
to Greenwich Mean
Time.
Select item to
configure daylight
saving time.
Click to configure
27002
time from a NTP
server.
Setting the System Date and Time
Enter the date and a 24-hour clock time setting on the System Time Management page. If
you are entering the time for an American time zone, enter the three-letter abbreviation for
the time zone in the Name of Time Zone ﬁeld, such as PST for Paciﬁc Standard Time. If
you are identifying the time zone by referring to Greenwich Mean Time, enter UTC
(Universal Time Coordinated) in the Name of Time Zone ﬁeld. You then must enter a
negative or positive number as an offset to indicate the number of time zones between the
switch and Greenwich, England. Enter a negative number if the switch is west of
Greenwich, England, and east of the International Date Line. For example, California is
3-46 Cisco IOS Desktop Switching Software Configuration Guide

47.
CLI Procedure for Setting the System Date and Time
eight time zones west of Greenwich, so you would enter -8 in the Hours Offset From UTC
ﬁeld. Enter a positive number if the switch is east of Greenwich. You can also enter negative
and positive numbers for minutes.
To conﬁgure daylight saving time, select an option from the drop-down list, and click
Conﬁgure Summer/Daylight Saving Time. You can conﬁgure the switch to change to
daylight saving time on a particular day every year, on a day that you enter, or not at all.
CLI Procedure for Setting the System Date and Time
This guide describes the use of IOS commands that have been created or changed for use
with switches that support IOS Release 12.0(5)XP. The complete IOS Release 12.0
documentation is available through CCO by selecting Service and Support>Technical
Documents>Documentation Home Page>Cisco IOS Software Conﬁguration>Cisco
IOS Release 12.0.
Conﬁguring the Network Time Protocol
In complex networks it is often prudent to distribute time information from a central server.
The NTP can distribute time information by responding to requests from clients or by
broadcasting time information. You can use the Network Time Protocol page (Figure 3-14)
to enable these options and to enter authentication information to accompany NTP client
requests.
To display this page, click Conﬁgure NTP on the System Time Management page.
Managing Your Switches 3-47

48.
Setting the System Date and Time
Figure 3-14 Network Time Protocol
Configure the NTP
server for the
switch. Key ID is
for authentication.
Enable NTP
authentication.
Enable the switch
to receive NTP
broadcast packets.
Enter a delay in
microseconds to
allow for the
estimated
broadcast interval.
22322
Conﬁguring the Switch as an NTP Client
You conﬁgure the switch as an NTP client by entering the IP addresses of up to ten NTP
servers in the IP Addr ﬁeld. Click Preferred to specify which server should be used ﬁrst.
You can also enter an authentication key to be used as a password when requests for time
information are sent to the server.
3-48 Cisco IOS Desktop Switching Software Configuration Guide

49.
Configuring the Network Time Protocol
Enabling NTP Authentication
To ensure the validity of information received from NTP servers, you can authenticate NTP
messages with public-key encryption. This procedure must be coordinated with the
administrator of the NTP servers: the information you enter on this page will be matched
by the servers to authenticate it.
Click Help for more information about entering information in the Key Number, Key
Value, and Encryption Type ﬁelds.
Conﬁguring the Switch for NTP Broadcast-Client Mode
You can conﬁgure the switch to receive NTP broadcast messages if there is an NTP
broadcast server, such as a router, broadcasting time information on the network. You can
also enter a delay in the Estimated Round-Trip Delay ﬁeld to account for round-trip delay
between the client and the NTP broadcast server.
CLI Procedure for Conﬁguring NTP
This guide describes the use of IOS commands that have been created or changed for use
with switches that support IOS Release 12.0(5)XP. The complete IOS Release 12.0
documentation is available through CCO by selecting Service and Support>Technical
Documents>Documentation Home Page>Cisco IOS Software Conﬁguration>Cisco
IOS Release 12.0.
Managing Your Switches 3-49

50.
Configuring IP Information
Conﬁguring IP Information
Use the IP Management page (Figure 3-15) to change or enter IP information for the
switch. Some of this information, such as the IP address, you had previously entered.
You can use this page to perform the following tasks:
• Assign IP information.
• Remove an IP address.
• Conﬁgure the management VLAN interface.
• Specify a domain name, and conﬁgure the Domain Name System (DNS) server.
To display this page, select System>IP Management from the menu bar.
3-50 Cisco IOS Desktop Switching Software Configuration Guide

51.
Configuring IP Information
Figure 3-15 IP Management
Port System Security Device VLAN Fault
Command switch defined in Cluster Builder.
Member switches in a cluster do not require IP
information. The command switch in the cluster
directs information to and from the member
switches.
Enter a domain name to be appended to the switch
host name. Do not include the initial period. Separate
a list of names with a comma and no space.
Configures the management VLAN.
Domain name servers handle name and address
resolution.
26223
Managing Your Switches 3-51